Tuesday, November 6, 2012

Diviner - OWASP Zed Attack Proxy Extension

Diviner is a unique platform that attempts to predict the structure of the server-side memory, source code and processes. It does this by executing scenarios aimed at fingerprinting behaviors that derive from specific lines of code, processes or memory allocations; by employing a variety of coverage processes, content differentiation tests and entry point execution scenarios; and by using deduction algorithms that convert this information into a visual map of the application.

Diviner analyzes and reuses the requests found in ZAP's history at the moment of its activation, activates the application entry points under different extreme conditions, generates and isolates specific application behaviors, and uses the information obtained to predict the structure of the server-side memory, source code, and processes. These aspects are then presented in the form of a visual map, which includes leads, tasks and payload recommendations.